Re: Only people who originally frequent sci.crypt reply to this

On Jan 15, 7:43 pm, "John E. Hadstate" <jh113...@xxxxxxxxxxx> wrote:
X-No-Archive: Yes

"Industrial One" <industrial_...@xxxxxxxxxxx> wrote in message

news:35d0f01d-f951-4c3a-8bf1-351d6bd9aaeb@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I know enough to have implemented AES in C and Java, and I've
used the Java implementation in one web project (I used the C
version in projects for past customers). I don't really know
*why* it works, only that it seems to work. How well it works
is not likely to be something I'll ever be able to talk about
with any authority.

Did you have a specific question?

Yes. Someone claimed AES was not secure and can be easily cracked, in
the following points he made:
_____________
If you encrypt the same (exact) plaintext with the same key, you
SHOULD produce the exact same ciphertext. If you don't, then the
algorithm has random numbers involved and might not be reversible by
the decryption algorithm.

That said, there are no known attacks against AES. That doesn't mean
one won't be developed.

AES is a S-P network. Half the operations are S-box substitutions, and
the other half are P-box permutations (essentially). If a means is
developed to reverse just the P-box parts, then the algorithm's
security is dependent on just the S-boxes, a rather fragile situation.

With S-boxes, only half the output bits are dependent on each input
bit -- that is, for each bit of the input altered, only half of the
output bits are modified. This property may render the key vulnerable,
albeit only if the permutation layer is reversible.

Number theoretic attacks aren't dependent on brute force. If such an
attack is developed, it doesn't matter how inefficient it is to attack
the algorithm based on raw computing power -- you might even be able
to break it in a single pass with a TI-81 graphing calculator from the
mid-90s.

That said, if it's possible to determine the state of any of the p-
boxes or s-boxes from output data, then the algorithm would be
vulnerable.

Once you have those operations, though, it's trivial to implement
other operations. Logarithms are, in fact, easy to approximate to any
level of precision you want. There's an algorithm family called CORDIC
-- it can generate sin, cos and tan for a parameter at the same time,
and can compute log approximations quickly in a deterministic manner.
It can be adapted to compute division and square roots rapidly as
well. It produces approximations only, but those approximations can be
made to greater precision by adding an extra round -- IIRC, it
converges, for logarithm, at the rate of two bits per round, but my
memory may be wrong on this.

Discrete logarithms are much harder, of course, due to the need to
invert modulus, but you didn't use those as an example. In fact, the
discrete logarithm problem is NP-complete, and factoring the product
of large primes is (probably) NP-hard.

Breaking the algorithm is, in fact, the best attack. Who knows how
practical it is until someone's tried thousands of methods? It isn't
known how it resists mathematical analysis.

Brute force is usually the weakest link with a secure algorithm. AES
hasn't been proven to be a secure algorithm -- or if it has, the
formal mathematical proof hasn't been made public. If your words are
true, it'll never be proven, since that would require proving that it
resists analysis to predict properties of the algorithm and output,
too.

Quantum number calculations speed up processing in unpredictable ways.
For example, it makes both factoring the products of large primes and
the discrete logarithm problem trivial, breaking all known public-key
cryptographic algorithms. The algorithms are already known; it's down
to the problem of getting the hardware built.

It's a simple assumption: if there are unknown parameters that are
important in the encryption process, they need to be communicated to
the decryption process or decryption will fail. As a result, if the
same (unmodified) plaintext with the same key produces two
ciphertexts, it's likely that an additional parameter is needed to
undo the encryption process.

Is the reversal process really equally difficult as the initial
process? The fact is, as far as we know there might be a simple
equation that undoes AES's complicated operations. It's trivial to
write a simple equation as a series of more complicated steps.

For example, if I write addition as a series of AND, OR, NOT and XOR
operations, it's still undoable by normal subtraction.

Without knowing all of the properties of the individual operations,
and the effects of their combination, we can't assume that those
operations aren't equivalent to simpler operations.

Also, just because a PRNG isn't linear doesn't mean it doesn't have
bugs or design flaws. Those types of flaws are CRITICAL in
cryptography.

There have already been quantum computing algorithms designed that can
factor large integers in polynomial time. That's an enormous
advantage, even if it's large-coefficient polynomial time, considering
the best algorithms on normal systems are non-deterministic or non-
polynomial.

A large-scale quantum computer may well be able to factor a large
integer in a couple years, or maybe months. That type of timescale is
still relevant for many purposes.
______________________________________

Is this all true? Please review all his points and correct whatever he
got wrong. I'm not clueless in respect to cryptography, but didn't
bother to study AES much because based on all the reports, I believed
it to be secure if it could resist all those attacks when the
cryptanalysts had access to the source code etc.

It appears this guy wants mathematical proof of the security of the
algorithm AES employs, because he claims a weakness can be found in
the algorithm and render it reversible with a single pass because it's
all a series of equations being performed. A little vague, I know, but
if you got spare time: educate us ignorant dudes here :D
.

Quantcast